July 28, 2022

9VSA22-00681-01 CSIRT shares Red Hat vulnerabilities

Summary

The Government CSIRT (Computer Security Incident Response Team) shares information about vulnerabilities in several Red Hat products.

Vulnerabilities

CVE-2022-21540

CVE-2022-21541

CVE-2022-21549

CVE-2022-34169

CVE-2022-34265

CVE-2018-25032

CVE-2021-3634

CVE-2021-40528

CVE-2022-1271

CVE-2022-22576

CVE-2022-27774

CVE-2022-27776

CVE-2022-27782

CVE-2022-29526

CVE-2022-29824

CVE-2022-28346

CVE-2022-28347

CVE-2022-31107

Impact

Critical-risk vulnerabilities

CVE-2022-34265: A flaw in Django allows SQL injection if untrusted data is used as a kind/lookup_name value.

Affected products

Red Hat Ansible Automation Platform 2.1 x86_64

Red Hat CodeReady Linux Builder for ARM 64 – Extended Update Support 8.4 aarch64

Red Hat CodeReady Linux Builder for ARM 64 – Extended Update Support 8.6 aarch64

Red Hat CodeReady Linux Builder for ARM 64 – Extended Update Support 9.0 aarch64

Red Hat CodeReady Linux Builder for ARM 64 8 aarch64

Red Hat CodeReady Linux Builder for ARM 64 9 aarch64

Red Hat CodeReady Linux Builder for IBM z Systems – Extended Update Support 9.0 s390x

Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x

Red Hat CodeReady Linux Builder for Power, little endian – Extended Update Support 8.4 ppc64le

Red Hat CodeReady Linux Builder for Power, little endian – Extended Update Support 8.6 ppc64le

Red Hat CodeReady Linux Builder for Power, little endian – Extended Update Support 9.0 ppc64le

Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le

Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le

Red Hat CodeReady Linux Builder for x86_64 – Extended Update Support 8.4 x86_64

Red Hat CodeReady Linux Builder for x86_64 – Extended Update Support 8.6 x86_64

Red Hat CodeReady Linux Builder for x86_64 – Extended Update Support 9.0 x86_64

Red Hat CodeReady Linux Builder for x86_64 8 x86_64

Red Hat CodeReady Linux Builder for x86_64 9 x86_64

Red Hat Enterprise Linux Desktop 7 x86_64

Red Hat Enterprise Linux for ARM 64 – Extended Update Support 8.4 aarch64

Red Hat Enterprise Linux for ARM 64 – Extended Update Support 8.6 aarch64

Red Hat Enterprise Linux for ARM 64 – Extended Update Support 9.0 aarch64

Red Hat Enterprise Linux for ARM 64 8 aarch64

Red Hat Enterprise Linux for ARM 64 9 aarch64

Red Hat Enterprise Linux for IBM z Systems – Extended Update Support 8.4 s390x

Red Hat Enterprise Linux for IBM z Systems – Extended Update Support 8.6 s390x

Red Hat Enterprise Linux for IBM z Systems – Extended Update Support 9.0 s390x

Red Hat Enterprise Linux for IBM z Systems 7 s390x

Red Hat Enterprise Linux for IBM z Systems 8 s390x

Red Hat Enterprise Linux for IBM z Systems 9 s390x

Red Hat Enterprise Linux for Power, big endian 7 ppc64

Red Hat Enterprise Linux for Power, little endian – Extended Update Support 8.4 ppc64le

Red Hat Enterprise Linux for Power, little endian – Extended Update Support 8.6 ppc64le

Red Hat Enterprise Linux for Power, little endian – Extended Update Support 9.0 ppc64le

Red Hat Enterprise Linux for Power, little endian 7 ppc64le

Red Hat Enterprise Linux for Power, little endian 8 ppc64le

Red Hat Enterprise Linux for Power, little endian 9 ppc64le

Red Hat Enterprise Linux for Scientific Computing 7 x86_64

Red Hat Enterprise Linux for x86_64 – Extended Update Support 8.4 x86_64

Red Hat Enterprise Linux for x86_64 – Extended Update Support 8.6 x86_64

Red Hat Enterprise Linux for x86_64 – Extended Update Support 9.0 x86_64

Red Hat Enterprise Linux for x86_64 – Update Services for SAP Solutions 8.1 x86_64

Red Hat Enterprise Linux for x86_64 – Update Services for SAP Solutions 8.4 x86_64

Red Hat Enterprise Linux for x86_64 – Update Services for SAP Solutions 8.6 x86_64

Red Hat Enterprise Linux for x86_64 – Update Services for SAP Solutions 9.0 x86_64

Red Hat Enterprise Linux for x86_64 8 x86_64

Red Hat Enterprise Linux for x86_64 9 x86_64

Red Hat Enterprise Linux Server – AUS 8.4 x86_64

Red Hat Enterprise Linux Server – AUS 8.6 x86_64

Red Hat Enterprise Linux Server – TUS 8.4 x86_64

Red Hat Enterprise Linux Server – TUS 8.6 x86_64

Red Hat Enterprise Linux Server 7 x86_64

Red Hat Enterprise Linux Server for ARM 64 – 4 years of updates 9.0 aarch64

Red Hat Enterprise Linux Server for IBM z Systems – 4 years of updates 9.0 s390x

Red Hat Enterprise Linux Server for Power LE – Update Services for SAP Solutions 8.1 ppc64le

Red Hat Enterprise Linux Server for Power LE – Update Services for SAP Solutions 8.4 ppc64le

Red Hat Enterprise Linux Server for Power LE – Update Services for SAP Solutions 8.6 ppc64le

Red Hat Enterprise Linux Server for Power LE – Update Services for SAP Solutions 9.0 ppc64le

Red Hat Enterprise Linux Workstation 7 x86_64

Red Hat Update Infrastructure 4 x86_64

Secondary Scheduler Operator for Red Hat OpenShift (OSSO) 1.0 x86_64

Mitigation

Install the respective updates provided by the vendor.

Links

https://access.redhat.com/errata/RHSA-2022:5736

https://access.redhat.com/errata/RHSA-2022:5738

https://access.redhat.com/errata/RHSA-2022:5699

https://access.redhat.com/errata/RHSA-2022:5703

https://access.redhat.com/errata/RHSA-2022:5702

https://access.redhat.com/errata/RHSA-2022:5700

https://access.redhat.com/errata/RHSA-2022:5701

https://access.redhat.com/errata/RHSA-2022:5698

https://access.redhat.com/errata/RHSA-2022:5696

https://access.redhat.com/errata/RHSA-2022:5717

https://access.redhat.com/errata/RHSA-2022:5718

https://access.redhat.com/errata/RHSA-2022:5697

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21540

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21541

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21549

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34169

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34265

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3634

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40528

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27782

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29824

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28346

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28347

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31107

Report

The official report published by the CSIRT of the Government of Chile is available at the following link: 9VSA22-00681-01.
